<?php defined( '_JEXEC' ) or die( 'Restricted access' ); ?><?php defined( '_SEXEC' ) or die( 'Restricted access' ); ?>
<?php
	if(!isset($_SESSION['username']) && !isset($_SESSION['usertype']))
		header("location: index.php");
?>
<?php

if(isset($submit))
{
	switch(trim($submit))
	{
		case "Save":
				b($current_password,"Enter your Current Password");
				b($new_password,"Enter your New Password");
				pc($new_password, "Your New Password is not confirmed", $confirm_password);
				
				if(count($arr) == 0) {
					$sql = "select id from users where username = '".$_SESSION['username']."' and password = '".$current_password."'";
					$result = mysql_query($sql);
					if(mysql_num_rows($result) > 0){
						$sql = "update users set password = '".$new_password."'";
						mysql_query($sql);
						$msg = "Password Change succesful";
						$current_password=$new_password=$confirm_password="";
					} else {
						$arr[] = "Current Password is not matched";
					}
				}
				break;
	}
}

if(!isset($btval))
	$btval="     Save     ";
	


?>

<div id="title">User Management</div>

<form name="user-form" method="post" action="">
<table border="0" cellspacing="3" cellpadding="3" align="center">
	<tr>
		<td colspan=2>
			<?php
				se();
			?>
		</td>
	</tr>
	<tr>
		<td align=center colspan=2><font size=4><u>Change Password</u></font></td>
	</tr>
	<tr>
		<td align=right>Current Password:</td>
		<td><input name="current_password" type="password" value="<?php echo $current_password?>"/></td>
	</tr>
	<tr>
		<td align=right>New Password:</td>
		<td><input name="new_password" type="password" value="<?php echo $new_password?>"/></td>
	</tr>
	<tr>
		<td align=right>Confirm Password:</td>
		<td><input name="confirm_password" type="password" value="<?php echo $confirm_password?>"/></td>
	</tr>
	<tr>
		<td colspan="2" align="center">
			<input type="submit" name="submit" value="<?php echo $btval?>" class='button'/>
		</td>
	</tr>	
</table>
</form>